Among the many key requirements of the General Data Protection Regulation (GDPR), embedding the practice of privacy by design within the product development process may be a shift for the tech industry’s innovative developers and engineers. According to the ICO, “Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. Unfortunately, these issues are often bolted on as an after-thought or ignored altogether.” This isn’t the case for the engineers and product managers who created Adobe Audience Manager. Rather, they’ve been developing with privacy in mind long before any regulatory requirements were asked of them.

GDPR strengthens the rights of data subjects, or consumers, to manage the data that’s stored about them by brands. Data controllers, or brands, own their data and dictate how it’s used for processing. As data processors, Adobe’s responsibility is to enable brands with tools they need to manage their data.

Here’s a snapshot of the Audience Manager privacy-by-design features that have been available in the Audience Manager user interface even before GDPR requirements: IP address obfuscation, role-based access controls, data export controls, and time to live (TTL) .

With GDPR, the definition of personal data is more expansive. Marketers should consult their legal counsel to review which data types may fall into this category based on their business. IP addresses could fall into this category in certain regions. Audience Manager admins can work with their consultant to obfuscate the last octet of IP addresses and then pass as an identifier into Audience Manager for audience creation. Once the IP is obfuscated, the IP address is made sufficiently anonymous. The remaining values of the IP address can still be used for geotargeting. Learn more about the IP obfuscation process and data privacy here.

As your data management platform (DMP) practice expands use cases beyond one team, or perhaps more brands, the DMP center of excellence should consider implementing RBAC to govern who has access to traits, segments, and activation platforms. In the user interface, this is accomplished by using the group permissions option under the Administration menu. After creating users, you can then assign them to key groups. Controls for groups can be set at user or group levels. Controls can also be set at the data source level or across the platform. RBAC permissions can also be set up programmatically by using REST APIs. The chart below summarizes the controls that can be set.

Permission groups enable admins to assign specific data sources to a trait, segment, or destination. When a new data source is added, group members don’t get access to those new sources. Audience Manager admins can simplify permission group management with Wild Card Permissions, which give group members automatic access to each data source associated with a segment, destination, or trait. Without Wild Card Permissions, admins must open the group permissions and assign those new data sources to each group. Wild Card Permissions streamline this manual data source update process, giving groups access to new data sources without explicit authorization. Work with your DMP center of excellence to understand which methodology aligns best with your data governance practices.

Data Export Controls: Control where data is activated and where it shouldn’t be activated

Data Export Controls prevent segments from sending data to destinations when this would violate data privacy or data usage agreements. This could be required due to privacy policies, internal policies, or contractual obligations. Think of Data Export Controls as a way to classify or label data sources and destinations. The classifications you apply determine when data can or cannot be exported to a destination. When set on a data source, controls restrict how that data source and its traits can be used.

When set on a destination, these labels identify how the destination uses data. Data Export Controls are available automatically. However, you need administrator permissions to add export controls to a data source. Adding export labels to a destination requires administrator permissions or sufficient privileges to create or edit a destination.

Tip: Data Export Controls can also be set when creating Profile Merge Rules. This is key to managing identity strategy. See the comprehensive set of controls and labels here.

Time to Live (TTL): Manage audience creation based on personalization strategy

This is my favorite privacy-enhancing feature because the value for a marketing campaign is crystal clear, especially for personalization and customer retention use cases. TTL is an expiration setting on a trait. Imagine you’re running a campaign for loyal users to see if they’re price-conscious. For these users, you only want to target offers related to clearance items which tend to be low in price and liquidate fast. You set the TTL to 10 days. Users who don’t get realized in this associated trait fall off. This feature also applies the concepts of data minimization – if the user doesn’t qualify for the trait, there’s no reason for that user to remain in the segment. TTL is so easy to set up. Select the advanced option in Trait Builder. And if you want to get even more advanced, check out the results if you have two traits in a segment set to different TTL limits in this Segment Time to Live Explained section of the Audience Manager documentation.

Marketing with privacy in mind

We recognize that using a DMP for unifying and activating audiences at scale means that setup and training priorities are focused on campaigns for customer acquisition and customer retention. Features such as Audience Labs or lookalike modeling have a “cool” factor. With privacy becoming more important from a GDPR perspective and in the court of public opinion, now is a good time for marketing practitioners to refresh their Audience Manager skills with features focused on privacy and data governance.